G'day Jens,

* Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 15:30]:
> * Stewart V. Wright wrote on 2004-11-07 at 19:16:
> > * Jens Kubieziel <mutt-user@xxxxxxxxxxxx> [041107 10:10]:
> > > I use random.sks.keyserver.penguin.de or subkeys.pgp.net as keyserver
> > > and auto-key-retrieve is set. However it doesn't seem to work.
> >
> > Big hint here... RTFM for GnuPG. auto-key-retrieve is described as:
> >     This option enables the automatic retrieving of
> >     keys from a keyserver when verifying signatures
> >     made by keys that are not on the local keyring.
>
> Argl, I read over the "verifying signatures"-part.

Easily done.

> Maybe I didn't make myself clear. I don't want to query a keyserver for
> each mail I write. It should only happen when I want to write an
> encrypted mail *and* don't have the other's key in my keyring.

Ah, apologies. I see that you've actually thought this through (at
least more than I usually do before posting a message! :-) )

> > The second major problem is the security aspect. Having a key listed on
> > one of the key servers means NOTHING. There is no guarantee that a key
> > that is listed as belonging to yourfriend@xxxxxxxxxxxx has anything to do
> > with that person. The security in Open-PGP comes from the Web of Trust -
>
> ACK. But assume I want to write a mail to RMS. He is actually not in my
> keyring, but when calculating the path to him
> (<URL:http://webware.lysator.liu.se/jc/wotsap/?top=0x135EA668&bottom=0xEE0977E8>)
> I can be sure that 0x135EA668 is the right key. However in that case (and
> normally only then) I want to fetch the key from mutt.

Indeed. I didn't realise that your key was as well connected as it
is...

I guess the question now is, how does one code in the WoT into your
key-getting gizmo? You are one person away from RMS, but two away
from me. Is that close enough? How about taking the sig types into
account? I guess you should let gpg do that sort of leg work for you.

> Thanks for your hints. Maybe I will write something that solves that
> problem.

Hmm... A combination replacing your editor with a script that calls
"gpg --search-keys" based on the To: CC: and BCC: lines and then opens
an editor might be one way forward.

Please do post whatever you come up with - I'd like to see a solution.

Cheers,

S.
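A sketch of the editor-wrapper idea from the message above, as an added example that is not code from the thread or from mutt or GnuPG. It assumes mutt has `set edit_headers` so the To:/Cc:/Bcc: lines are in the draft file, and that the real editor is named in a hypothetical `REAL_EDITOR` environment variable; it only reports recipients with no key in the local keyring and leaves fetching and validating the key to the user.

```python
#!/usr/bin/env python3
"""Editor wrapper for mutt: list recipients without a local public key, then edit."""
import os
import subprocess
import sys
from email import message_from_string
from email.utils import getaddresses


def recipients(draft_text):
    """Return the unique, lower-cased addresses from To:, Cc: and Bcc:."""
    msg = message_from_string(draft_text)
    fields = []
    for name in ("To", "Cc", "Bcc"):
        fields.extend(msg.get_all(name, []))
    seen = []
    for _, addr in getaddresses(fields):
        addr = addr.strip().lower()
        if "@" in addr and addr not in seen:
            seen.append(addr)
    return seen


def has_local_key(addr):
    """True if gpg finds a public key for exactly this address in the keyring."""
    result = subprocess.run(["gpg", "--batch", "--list-keys", "<%s>" % addr],
                            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def missing_keys(draft_text, lookup=has_local_key):
    """Recipients for which `lookup` reports no key in the local keyring."""
    return [a for a in recipients(draft_text) if not lookup(a)]


def main(path):
    with open(path, encoding="utf-8", errors="replace") as fh:
        missing = missing_keys(fh.read())
    for addr in missing:
        # Only print the command: a key found on a keyserver is not validated,
        # so importing it and deciding whether to trust it stay manual steps.
        print("no local key: gpg --search-keys %s" % addr)
    if missing:
        input("Press Enter to open the editor... ")
    # REAL_EDITOR is a hypothetical variable, used so the wrapper never calls itself.
    return subprocess.call([os.environ.get("REAL_EDITOR", "vi"), path])


if __name__ == "__main__":
    sys.exit(main(sys.argv[1]))
```
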